Cybersecurity Focus Areas for the New Year

The seemingly endless list of massive data breaches last year demonstrated just how critical effective cybersecurity has become. Companies in all industries are losing the battle to protect their customers’ data. As we move into 2019, it’s important to remember that cybersecurity is about more than protecting information; it’s about neutralizing attacks that can literally bring your organization down, and pursuing customer trust.

The threat landscape is vast, and it is hard to assess every trend. Here are five that we think are worth preparing for:

1. Open source hacking tool adoption

Open source (freely available) hacking tools were widely adopted in 2018, and are increasingly favored by attackers over custom-made malware. New tools are released each day both by threat actors in hidden hacking forums and dark web marketplaces, and by security researchers as penetration testing tools. As a result, in 2019 we can expect to see low-skilled cybercriminals catching up with expert hackers and launching sophisticated attacks with better tools, better social engineering techniques, and broader targets.

2. IoT attacks take center stage

IoT attacks are expected to intensify as threat actors leverage more and more devices to deliver everything from coin miners to malware to misinformation. Attacks on devices such as cars, medical devices and industrial control systems (ICS) bridge the digital and physical worlds, threatening bodily harm or even loss of life. Additionally, ubiquitous home-based devices are rife with vulnerabilities, providing numerous avenues for hackers to leverage as potential access points to company networks. This year, the hype around IoT threats is likely to become a reality, with breaches directly tied back to IoT devices.

3. Widening cybersecurity talent gap

Research indicates that the security staff shortage is getting worse. According to a global 2018 survey conducted by ESG, 51 percent of respondents claimed their organization already has a problematic shortage of cybersecurity skills. Given the increasingly dangerous threat landscape, rising costs associated with data breaches and expanding digital transformation initiatives, the stakes for companies are high. Security operations are people-centric; finding ways to help your security team quickly analyze, prioritize and respond to threats is essential to maturing your security posture and keeping your business safe in 2019.

4. Zero Trust Network Security

With attackers routinely stealing credentials and masquerading as legitimate users, the idea that everything on the inside of an organization’s network should be trusted has become antiquated. Introduced by Forrester Research nearly a decade ago, the concept of Zero Trust is rapidly moving from buzzword to reality. Proactive security leaders are adopting a “never trust, always verify” approach to network security challenges in 2019.

“If I have 20 calls, 17 are about Zero Trust. CISOs, CIOs and CEOs are all interested, and companies of various sizes are interested. And in three years, I think Zero Trust will be cited as one of the big-time frameworks in cybersecurity. Period.” —Chase Cunningham, Principal Analyst, Forrester

5. Rising nation-state cyber activity

Simmering trade tensions between the U.S. and China have left governments deeply suspicious of each others’ cybercrime activities. During a keynote at RSA Conference 2018, U.S. Department of Homeland Security Secretary Kirstjen M. Nielsen warned that we’ve reached a turning point in cyber history. Digital security is merging with personal and physical security and as far as the U.S. is concerned, complacency is being replaced by consequences. In an effort to identify and punish America’s cyber adversaries, the Department of Justice (DOJ) recently charged two Chinese hackers associated with the Ministry of State Security with global computer intrusion campaigns targeting intellectual property and confidential business information.

The trickle-down effect of nation-state hacking is a serious concern, as sophisticated techniques used by governments typically find their way into dark web marketplaces and ultimately, into the hands of cybercriminals looking to infiltrate companies.